Browse Source

Added content.

dev
Franco Masotti 2 years ago
parent
commit
f0d23e645c
Signed by: frnmst
GPG Key ID: 24116ED85666780A
  1. 87
      _posts/2020-10-07-fail2ban.md

87
_posts/2020-10-07-fail2ban.md

@ -1,7 +1,7 @@
---
title: Fail2ban
tags: [fail2ban, systemd, gitea, gotify, roundcube, filter, ban]
updated: 2020-10-07 12:24
updated: 2020-10-07 15:26
description: Customization of Fail2ban filter, rules and settings
---
@ -11,17 +11,20 @@ description: Customization of Fail2ban filter, rules and settings
- [Table of contents](#table-of-contents)
- [Introduction](#introduction)
- [Global options](#global-options)
- [Settings](#settings)
- [Logrotate](#logrotate)
- [Fail2ban](#fail2ban)
- [Systemd service](#systemd-service)
- [Jenkins](#jenkins)
- [Filters](#filters)
- [Gitea](#gitea)
- [Gotify](#gotify)
- [Roundcube](#roundcube)
- [Jenkins](#jenkins-1)
- [Jails](#jails)
- [Gitea](#gitea-1)
- [Gotify](#gotify-1)
- [Roundcube](#roundcube-1)
- [Jenkins](#jenkins-2)
<!--TOC-->
@ -29,10 +32,37 @@ description: Customization of Fail2ban filter, rules and settings
This is a list of custom filters, rules and settings I use for Fail2ban.
## Global options
## Settings
### Logrotate
Install [logrotate](https://github.com/logrotate/logrotate) then run
```
# systemctl start logrotate.timer
# systemctl enable logrotate.timer
```
Add a new file:
- `/etc/logrotate.d/jenkins`
```
/var/log/jenkins/*.log {
weekly
copytruncate
missingok
rotate 10
compress
delaycompress
notifempty
}
```
### Fail2ban
#### Global options
- `/etc/fail2ban/jail.local`
```
@ -47,7 +77,15 @@ This is a list of custom filters, rules and settings I use for Fail2ban.
action = %(action_mwl)s
```
### Systemd service
- `/etc/fail2ban/action.d/abuseipdb.conf`
```
actionban =
```
Replace the default action with an empty one
#### Systemd service
Follow the instructions reported [here](https://wiki.archlinux.org/index.php/Fail2ban#Service_hardening)
@ -90,6 +128,22 @@ Follow the instructions reported [here](https://wiki.archlinux.org/index.php/Fai
logtarget = /var/log/fail2ban/fail2ban.log
```
### Jenkins
- `/etc/conf.d/jenkins`
```
# Enable access log.
JENKINS_ACCESSLOG="--accessLoggerClassName=winstone.accesslog.SimpleAccessLogger --simpleAccessLogger.format=combined --simpleAccessLogger.file=/var/log/jenkins/access.log"
# Keep the rest.
# Add JENKINS_ACCESSLOG to the command line arguments.
JENKINS_COMMAND_LINE="$JAVA $JAVA_ARGS $JAVA_OPTS -jar $JENKINS_WAR $JENKINS_WEBROOT $JENKINS_PORT $JENKINS_AJPPORT $JENKINS_OPTS $JENKINS_ACCESSLOG"
```
See also [https://wiki.jenkins.io/display/JENKINS/Access+Logging](https://wiki.jenkins.io/display/JENKINS/Access+Logging)
## Filters
### Gitea
@ -115,6 +169,17 @@ Follow the instructions reported [here](https://wiki.archlinux.org/index.php/Fai
See [https://raw.githubusercontent.com/fail2ban/fail2ban/bb0f732ae69894b22306dd7efa213513e3acd8a2/config/filter.d/roundcube-auth.conf](https://raw.githubusercontent.com/fail2ban/fail2ban/bb0f732ae69894b22306dd7efa213513e3acd8a2/config/filter.d/roundcube-auth.conf)
### Jenkins
- `/etc/fail2ban/filter.d/jenkins.conf`
```
[Definition]
failregex = <HOST>.*?GET /loginError HTTP/1.1" 401.*?
ignoreregex =
datepattern = %%d/%%b/%%Y:%%H:%%M:%%S
```
## Jails
### Gitea
@ -154,3 +219,15 @@ Follow the instructions reported [here](https://wiki.archlinux.org/index.php/Fai
filter = roundcube-auth
logpath = /var/log/roundcubemail/errors.log
```
### Jenkins
- `/etc/fail2ban/jail.local`
```
[jenkins]
enabled = true
port = http,https
filter = jenkins
logpath = /var/log/jenkins/access.log
```

Loading…
Cancel
Save